CVE-2016-10972
published 2019-09-16CVE-2016-10972: The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel.
PriorityP179critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
9.27%
94.7th percentile
The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tagdiv | newspaper | < 6.7.2 | 6.7.2 |
Detection & IOCsextracted from sources · hover to see the quote
- →Probe for the Newspaper theme style.css and extract the version string; versions >= 6.4 and <= 6.7.1 are vulnerable. ↗
- →Version number can be extracted from the theme stylesheet body using the regex pattern 'Version: ([0-9.]+)'. ↗
- →FOFA/Shodan fingerprint: search for sites whose body contains 'wp-content/themes/mTheme-Unus/' to identify potentially vulnerable Newspaper theme installations. ↗
- →Monitor WordPress AJAX requests targeting the 'td_ajax_update_panel' action, especially from unauthenticated or low-privilege users, as this is the vulnerable endpoint enabling privilege escalation. ↗
- ·The vulnerability affects Newspaper Theme versions 6.4 through 6.7.1 only; version 6.7.2 and later are patched. ↗
- ·The exploit requires no authentication (PR:N, UI:N per CVSS), meaning any unauthenticated remote attacker can trigger the privilege escalation via the exposed AJAX endpoint. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-jx5r-g6v9-338q: The newspaper theme before 6
ghsa_unreviewed·2022-05-24
CVE-2016-10972 [HIGH] GHSA-jx5r-g6v9-338q: The newspaper theme before 6
The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel.
VulnCheck
tagdiv newspaper Improper Privilege Management
vulncheck·2016·CVSS 9.8
CVE-2016-10972 [CRITICAL] tagdiv newspaper Improper Privilege Management
tagdiv newspaper Improper Privilege Management
The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel.
Affected: tagdiv newspaper
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://news.drweb.com/show/?i=14646&lng=en&c=23
No detection rules found.
Nuclei
Newspaper Theme 6.4–6.7.1 - Privilege Escalation
nuclei·CVSS 9.8
CVE-2016-10972 [CRITICAL] Newspaper Theme 6.4–6.7.1 - Privilege Escalation
Newspaper Theme 6.4–6.7.1 - Privilege Escalation
Newspaper Theme versions 6.4 to 6.7.1 for WordPress lacked proper options access control through td_ajax_update_panel, which led to a Privilege Escalation vulnerability.
Template:
id: CVE-2016-10972
info:
name: Newspaper Theme 6.4–6.7.1 - Privilege Escalation
author: pussycat0x
severity: critical
description: |
Newspaper Theme versions 6.4 to 6.7.1 for WordPress lacked proper options access control through td_ajax_update_panel, which led to a Privilege Escalation vulnerability.
impact: |
Unauthenticated attackers can escalate their privileges to administrator level, allowing complete control over the WordPress site including content manipulation, user management, and potential site takeover.
remediation: |
Update to Newspaper Theme versi
No writeups or analysis indexed.
2019-09-16
Published
Exploited in the wild